Changelog History
Page 1
-
v2.23.0 Changes
April 22, 2022Don't automatically set :httponly cookie option if :http_only option is set in remember feature (jeremyevans)
๐ Fix invalid domain check in internal_request feature when using Rack 3 (jeremyevans)
๐ Make removing all multifactor authentication methods mark session as not authenticated by SMS (janko) (#235)
๐ Use use_path option when rendering QR code to svg in the otp feature, to reduce svg size (jeremyevans)
-
v2.22.0 Changes
March 22, 2022Ignore parameters where the value includes a null byte by default, add null_byte_parameter_value configuration method for customization (jeremyevans)
๐ Handle sessions created before active_sessions feature was enabled during logout (jeremyevans) (#224)
Add reset_password_notify for emailing users after successful password resets (jeremyevans)
An email method can now be used in external features to DRY up email creation code (jeremyevans)
The change_password_notify feature now correctly handles template precompilation (jeremyevans)
๐ Fix update_sms to update stored sms hash (bjeanes) (#222)
-
v2.21.0 Changes
February 23, 2022Avoid extra bcrypt hashing on account verification when using account_password_hash_column (janko) (#217)
๐ Make require_account public (janko) (#212)
๐ฎ Force specific date/time format when displaying webauthn last use time (jeremyevans)
Automatically clear the session in require_login if users go beyond verify account grace period (janko) (#211)
Fix typo in default value of global_logout_label in active_sessions plugin (sterlzbd) (#209)
-
v2.20.0 Changes
January 24, 2022Change the default implementation of webauth_rp_id to not include the port (jeremyevans) (#203)
๐ Make logout of all sessions in active_sessions plugin also remove remember key if using remember plugin (jeremyevans)
-
v2.19.0 Changes
December 22, 2021Add login_maximum_bytes, setting the maximum number of bytes in a login, 255 by default (jeremyevans)
Add password_maximum_bytes, setting the maximum number of bytes in a password, nil by default for no limit (jeremyevans)
Add password_maximum_length, setting the maximum number of characters in a password, nil by default for no limit (jeremyevans)
๐ Support multi-level inheritance of Rodauth::Auth (janko) (#191)
๐ Allow internal_request feature to work correctly when loaded into custom Rodauth::Auth subclasses before loading into a Roda application (janko) (#190)
Assign internal subclass created by internal_request feature to the InternalRequest constant (janko) (#187)
-
v2.18.0 Changes
November 23, 2021๐ Allow JSON API access to /multifactor-manage to get links to setup/disable multifactor authentication endpoints (jeremyevans)
๐ Allow JSON API access to /multifactor-auth to get links to possible multifactor authentication endpoints (jeremyevans)
Set configuration_name on class passed via :auth_class option if not already set (janko, jeremyevans) (#181)
๐ Use viewbox: true option when creating QR code in otp feature, displays better and easier to style when using rqrcode 2+ (jeremyevans)
๐ Make argon2 feature work with argon2 2.1.0 (jeremyevans)
-
v2.17.0 Changes
September 24, 2021Make jwt_refresh work correctly with verify_account_grace_period (jeremyevans)
๐ Use 4xx status code when attempting to login to or create an unverified account (janko) (#177, #178)
-
v2.16.0 Changes
August 23, 2021โ Add Rodauth.lib for using Rodauth as a library (jeremyevans)
๐ง Make internal_request feature work if the configuration uses only_json? true (janko) (#176)
-
v2.15.0 Changes
July 27, 2021Add path_class_methods feature, for getting paths/URLs using class methods (jeremyevans)
๐ง Make default base_url method use configured domain (janko) (#171)
โ Add internal_request feature, for interacting with Rodauth by calling methods (jeremyevans, janko)
-
v2.14.0 Changes
June 22, 2021๐ Make jwt_refresh feature allow refresh with expired access tokens even if prefix is not set correctly (jeremyevans) (#168)
Make internal account_in_unverified_grace_period? method handle accounts missing or unverified accounts (janko, jeremyevans) (#167)
Add remembered_session_id configuration method for getting session id from valid remember token if present (bjeanes) (#166)